Ask the Expert

Clarifying OpenSSL protocol vulnerabilities

Quote from SearchOracle.com Dec. 8 says "Oracle Corp. on Friday confirmed that a variety of its server products could be tampered with through vulnerabilities via the OpenSSL protocol." My understanding is this: The vulnerability exists if using OpenSSL protocol. If users access all databases behind firewall via intranet, then tampering can only come from internal employees. Correct?

    Requires Free Membership to View

To a point, this is correct. The OpenSSL vulnerability can only be exploited if someone has access to your database server. For these types of security reasons, many organizations place their database server behind a firewall, and rightfully so. However, application servers, which typically sit in a "De-militarized zone (DMZ)" area of the firewall, not only allow open access to the application server but also need a firewall hole poked to let the application server connect to the database. Depending on your level of security and your network configuration, it is possible for someone in the outside world to be able to exploit this security hole. For that reason, I make the appropriate security fixes for the database even if the database is inside the company's firewall.

This was first published in December 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: